예제 #1
0
 public function SetAutologin($username, $enable)
 {
     // Set SSL level
     $httpsOnly = ulUtils::IsHTTPS();
     // Cookie-name
     $autologin_name = 'AutoLogin';
     if ($enable == true) {
         if (!$this->Backend->IsAutoLoginAllowed()) {
             return false;
         }
         // Validate user input
         if (!self::ValidateUsername($username)) {
             return false;
         }
         // Check whetehr the user exists
         $uid = $this->Uid($username);
         if ($uid === false) {
             return false;
         }
         // Cookie expiry
         $expire = time() + UL_AUTOLOGIN_EXPIRE;
         // We store a nonce in the cookie so that it can only be used once
         $nonce = ulNonce::Create("{$username}-autologin", UL_AUTOLOGIN_EXPIRE, true);
         // HMAC
         // Used to verify that cookie really comes from us
         $hmac = hash_hmac(UL_HMAC_FUNC, "{$username}:::{$nonce}", UL_SITE_KEY);
         // Construct contents
         $autologin_data = "{$username}:::{$nonce}:::{$hmac}";
         // Set autologin cookie
         setcookie($autologin_name, $autologin_data, $expire, '/', UL_DOMAIN === 'localhost' ? '' : UL_DOMAIN, $httpsOnly, true);
     } else {
         // Cookie expiry
         $expire = time() - 3600 * 24 * 365;
         $autologin_data = '';
         // Set autologin cookie
         setcookie($autologin_name, $autologin_data, $expire, '/', UL_DOMAIN === 'localhost' ? '' : UL_DOMAIN, $httpsOnly, true);
     }
     return true;
 }
예제 #2
0
		<td>
			<select name="action">
			<option>login</option>
			<option>autologin</option>
			<option>create</option>
			</select>
		</td>
	</tr>

	<tr>
		<td>
			Nonce:
		</td>
		<td>
			<input type="text" id="nonce" name="nonce" value="<?php 
    echo ulNonce::Create('login');
    ?>
">
		</td>
	</tr>

	<tr>
		<td>
		<input type="submit">
		</td>
	</tr>

	</table>
	</form>
<?php 
}
예제 #3
0
 private static function updateTokenCookie()
 {
     if (!UL_PREVENT_REPLAY) {
         return;
     }
     $cookieName = 'SSESTOKEN';
     $cookieData = ulNonce::Create('ulSessionToken', UL_SESSION_EXPIRE);
     setcookie($cookieName, $cookieData, 0, '/', UL_DOMAIN === 'localhost' ? '' : UL_DOMAIN, ulUtils::IsHTTPS(), true);
 }
예제 #4
0
function page_header($showbuttons=1){
    if (array_get($_SESSION['admin'], 'is_logged') == 1) {
        $PageTitle = getLang('atitle_logged');
    } else {
        $PageTitle = getLang('atitle_notlogged');
    }

    echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>'.$PageTitle.'</title>
<meta http-equiv="content-type" content="application/xhtml+xml; charset=UTF-8" />
<meta name="robots" content="NOINDEX,NOFOLLOW" />
<meta http-equiv="X-UA-Compatible" content="IE=8" />
<meta http-equiv="content-language" content="en" />
<meta name="language" content="en" />';
    
    if(array_get($_SESSION['admin'], 'is_logged') == true) {
    echo '
<link href="../themes/smoothness/jquery-ui-1.7.2.custom.css" media="all" rel="stylesheet" type="text/css" />
<link href="../css/validationEngine.jquery.css" media="all" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="../js/jquery-ui-1.7.2.custom.min.js"></script>
<script type="text/javascript" src="../js/underscore-min.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript">

var AJAX_URL = "' . $_SERVER['REQUEST_URI'] . '";
    
jQuery(document).ready(function($){
    var $tabs = $("#tabs").tabs({
        select: function(event, ui){
            var url = $.data(ui.tab, "load.tabs");
            var tabid = ui.panel.id;
            
            if(url) {
                location.href = url;
                return false;
            }
       	
           	return true;
        }
    });

    $("#tabs").tabs("select", '.($_SESSION['admin']['selected_tab']+0).');
    $("div.TabsHolder").show();

    $("#Tab0, #Tab1, #Tab2, #Tab3, #Tab5, #Tab6, #Tab7, #Tab10").click(function() {
        location.href = $(this).attr("rel");
        return false;
    });

    $("#expiry_date, #trade_date, #tr_date, #user_app_date, #date_value").datepicker({
        changeMonth: true,
        changeYear: true,
        dateFormat: "yy-mm-dd"
    });
});
</script>';
    }
    echo '
<link href="css/styles.css" media="screen" rel="stylesheet" type="text/css" />
<link rel="stylesheet" href="css/font-awesome/css/font-awesome.min.css">
</head>
	
<body>
<div class="wrapper">';
    if(array_get($_SESSION['admin'], 'is_logged') == true) {
    	$mailsToSend='';
    	$db=new DBConnection();
    	if($showbuttons==1) {
	    $query='SELECT COUNT(*) AS total_mails FROM mail_queue WHERE is_sent=0';
	    $res=$db->rq($query);
	    $row=$db->fetch($res);
	    if($row['total_mails']>0){
            $mailsToSend=' ('.$row['total_mails'].')';
        }

	    $usersActive='';
	    $usersPending='';
	    $usersDisabled='';
	    $usersTrades0='';
	    $usersTrades1='';
	    $usersTrades2='';
        
	    $query='SELECT COUNT(*) AS total_num FROM users WHERE user_status=1';
	    $res=$db->rq($query);
	    $row=$db->fetch($res);
	    if($row['total_num']>0){
            $usersActive=' ('.$row['total_num'].')';
        }

	    $query='SELECT COUNT(*) AS total_num FROM users WHERE user_status=2';
	    $res=$db->rq($query);
	    $row=$db->fetch($res);
	    if($row['total_num']>0){
            $usersPending=' ('.$row['total_num'].')';
        }

	    $query='SELECT COUNT(*) AS total_num FROM users WHERE user_status=3';
	    $res=$db->rq($query);
	    $row=$db->fetch($res);
	    if($row['total_num']>0){
            $usersDisabled=' ('.$row['total_num'].')';
        }

	    $query='SELECT COUNT(trades_id) AS total_num FROM users
	    LEFT JOIN trades ON users.user_account_num=trades.user_account_num
	    GROUP BY users.user_account_num
	    HAVING total_num>=2';
	    $res=$db->rq($query);
	    $num_rows=$db->num_rows($res);
	    if($num_rows>0){
            $usersTrades2=' ('.$num_rows.')';
        }

	    $query='SELECT COUNT(trades_id) AS total_num FROM users
	    LEFT JOIN trades ON users.user_account_num=trades.user_account_num
	    GROUP BY users.user_account_num
	    HAVING total_num=1';
	    $res=$db->rq($query);
	    $num_rows=$db->num_rows($res);
	    if($num_rows>0){
            $usersTrades1=' ('.$num_rows.')';
        }

	    $query='SELECT COUNT(trades_id) AS total_num FROM users
	    LEFT JOIN trades ON users.user_account_num=trades.user_account_num
	    GROUP BY users.user_account_num
	    HAVING total_num=0';
	    $res=$db->rq($query);
	    $num_rows=$db->num_rows($res);
	    if($num_rows>0){
            $usersTrades0=' ('.$num_rows.')';
        }
        
        $adminType = array_get($_SESSION['admin'], 'type');

	echo '
    <div class="TabsHolder">
	<div id="tabs">
	    <ul>
		<li><a href="#TC-10" id="Tab0" rel="users.php?view=active">Accounts</a></li>
		<li><a href="#TC-50" id="Tab1" rel="trades.php">Option Trades</a></li>
		<li><a href="#TC-60" id="Tab2" rel="strades.php">Stock Trades</a></li>
		<li><a href="#TC-70" id="Tab3" rel="transfers.php">Transfers</a></li>
		<li><a href="#TC-65" id="Tab7" rel="stocks.php">Stock Management</a></li>
		<li' . ($adminType == 'owner' ? '' : ' style="display: none;"') . '><a href="#TC-80" id="Tab4">Back-end Settings</a></li>
		<li' . ($adminType == 'owner' ? '' : ' style="display: none;"') . '><a href="#TC-81" id="Tab8">Front-end Settings</a></li>
		<li><a href="#TC-85" id="Tab5" rel="users_advisors.php">Advisors</a></li>
		<li' . ($adminType == 'owner' ? '' : ' style="display: none;"') . '><a href="#TC-90" id="Tab6" rel="users_admins.php">Backend users</a></li>
		<li' . ($adminType == 'owner' ? '' : ' style="display: none;"') . '><a href="#TC-92" id="Tab9">Mails</a></li>
		<li><a href="#TC-93" id="Tab10" rel="logs_show.php">Logs</a></li>
		<li><a href="index.php?logout=true">Sign out</a></li>
	    </ul>
	
	    <div id="TC-10">
		<a href="users.php">List all</a> |
		<a href="users.php?action=new">Add new</a> |
		<a href="users.php?view=active">Active'.$usersActive.'</a> |
		<a href="users.php?view=disabled">Disabled'.$usersPending.'</a> |
		<a href="users.php?view=pending">Pending'.$usersDisabled.'</a> |
		<a href="users.php?view=trades2">2+ trades'.$usersTrades2.'</a> |
		<a href="users.php?view=trades1">1 trade'.$usersTrades1.'</a> |
		<a href="users.php?view=trades0">0 trades'.$usersTrades0.'</a>
	    </div>
			
	    <div id="TC-50">
		<a href="trades.php?action=new_buy">New BUY order</a> | 
		<a href="trades.php?action=list_open">New SELL order</a> | 
		<a href="trades.php">View all orders</a>
	    </div>
		
		<div id="TC-60">
		<a href="strades.php?action=new_buy">New BUY order</a> | 
		<a href="strades.php?action=list_open">New SELL order</a> | 
		<a href="strades.php?action=new_short">New SHORT order</a> | 
		<a href="strades.php?action=new_cover">New COVER order</a> | 
		<a href="strades.php">View all orders</a>
		</div>
		
		<div id="TC-65">
		<a href="stocks.php?action=new_value">Add New Values</a> | 
		<a href="stocks.php?action=list_dates">Edit Values</a> | 
		<a href="stocks_edit.php">Edit All Values</a> | 
		<a href="stocks.php?action=new_stock">Add New Stock</a> | 
		<a href="stocks.php">List all stocks</a> | 
		<a href="stocks.php?action=force_update">Force Update Values</a>
		</div>
			
	    <div id="TC-70">
		<a href="transfers.php?action=new_deposit">Add new Deposit</a> | 
		<a href="transfers.php?action=new_withdraw">Add new Withdraw</a> | 
		<a href="transfers.php">View all transfers</a>
	    </div>
		
	    <div id="TC-85">
		<a href="users_advisors.php">List all</a> | 
		<a href="users_advisors.php?action=new">Add new</a>
	    </div>
	    
	    <div id="TC-93">
			<a href="logs_show.php">Overview</a> 
	    </div>';
    
    if ($adminType == 'owner') {
        echo '
            <div id="TC-80">
                <a href="settings_css.php">CSS Styles</a> | 
                <a href="settings_translations.php">Translations</a> |
                <a href="commodities.php">Commodities</a> | 
                <a href="commodities_groups.php">Commodities - groups</a> | 
                <a href="expiry_dates.php">Commodities - exp. dates</a> |
                <a href="settings_pdf.php">PDF Settings</a> |
                <a href="pdf_templates.php">PDF Templates</a>
            </div>

            <div id="TC-81">
                <a href="settings_header_front.php">Custom Header</a> | 
                <a href="settings_footer_front.php">Custom Footer</a> | 
                <a href="settings_css_front.php">CSS Styles</a> | 
                <a href="settings_translations_front.php">Translations</a> |
                <a href="settings_deposit_text.php">Deposit\'s Text</a> |
                <a href="settings_other.php">Other settings</a> 
            </div>
            
            <div id="TC-90">
                <a href="users_admins.php">List all</a> | 
                <a href="users_admins.php?action=new">Add new</a>
            </div>

            <div id="TC-92">
                <a href="mails_smtp_settings.php">Mail Settings</a> | 
                <a href="mails_templates.php">Templates</a> |
                <a href="mails_assigns.php">Mail Assigns</a> |  
                <a href="mails_mass.php">Mass mail</a> | 
                <a href="mails_outbox.php">Outbox Queue'.$mailsToSend.'</a>
            </div>
        ';
    }
    
    echo '
	</div>
    </div>';
    
    	}
	echo '
    <div class="MainContainer">';
    }else{
	$db=new DBConnection();

	$UserIP=GetHostByName($_SERVER["REMOTE_ADDR"]);
	$query='SELECT banned_ips_id FROM banned_ips WHERE banned_ip="'.$UserIP.'" LIMIT 1';
	$res=$db->rq($query);
	$num_rows=$db->num_rows($res);
	$db->close();
	if($num_rows>0) {
	    echo '<div class="LoginContainer"><h3>'.getLang('lform_publicbanmessage').'</h3></div>';
	}else{
	    echo '
	<div class="LoginContainer">
	    <h3>'.getLang('aform_title').'</h3>
	    '.((array_get($_GET, 'error') == 1)?'<div class="errorsHolder">Invalid username or password</div>':'').'
	    <form name="login_form" method="post">
		<div style="float:left;">
		    <div class="labels">'.getLang('lform_username').':</div><br />
		    <div class="labels">'.getLang('lform_password').':</div>
		</div>

		<div style="float:left;">
		    <input type="text" name="l_username" class="tinputs"><br />
		    <input type="password" name="l_password" class="tinputs">
		</div>
        
        <input type="hidden" id="nonce" name="nonce" value="'. ulNonce::Create('login') .'" />

		<br />
		<input type="submit" name="_login" class="submitBtn" value="'.getLang('lform_submitbtn').'">
	    </form>';
	}
    }
}
	'post_action':'<?php 
echo $returnUrl;
?>
',
	'sig_request':'<?php 
echo $sig_request;
?>
'
});
</script>

<?php 
// ********************************
//	Your HTML here
//  header, body, text, etc.
// ********************************
?>

<iframe id="duo_iframe" width="500" height="800" frameborder="0" allowtransparency="true" style="background: transparent;"></iframe>
<form method="POST" id="duo_form">
	<input type="hidden" name="ulDuoSecLoginNonce" value="<?php 
echo ulNonce::Create('ulDuoSecLogin');
?>
" />
</form>

<?php 
// ********************************
//	Your HTML here
//  body, text, footer etc.
// ********************************